From e694a6acdc31fdec99ad3c6bc2e4b2811fe9872d Mon Sep 17 00:00:00 2001
From: Justin Middler
Date: Fri, 23 Feb 2024 15:53:33 +1100
Subject: [PATCH 1/3] Update config.py
---
 AzureFunction/MISP2Sentinel/config.py | 57 +++++++++++++++++++++------
 1 file changed, 44 insertions(+), 13 deletions(-)
diff --git a/AzureFunction/MISP2Sentinel/config.py b/AzureFunction/MISP2Sentinel/config.py
index 0552db5..cfd60a0 100644
--- a/AzureFunction/MISP2Sentinel/config.py
+++ b/AzureFunction/MISP2Sentinel/config.py
@@ -1,23 +1,54 @@
 import os
-mispkey=os.getenv('mispkey')
+
+from azure.keyvault.secrets import SecretClient
+from azure.identity import DefaultAzureCredential
+
+mispkey = ''
 mispurl=os.getenv('mispurl')
 local_mode=os.getenv('local_mode', 'False')
+keyVaultName=os.getenv('key_vault_name', '')
-#####################
-# Microsoft Section #
-#####################
+tenant_id=os.getenv('tenant_id', '')
+workspace_id=os.getenv('workspace_id', '')
+client_id=os.getenv('client_id', '')
+client_secret=os.getenv('client_secret', '')
 # MS API settings
 ms_auth = {
- 'tenant': '',
- 'client_id': '',
- 'client_secret': '',
+ 'tenant': tenant_id,
+ 'client_id': client_id,
+ 'client_secret': client_secret,
 'scope': 'https://management.azure.com/.default',
 'graph_api': False,
- 'workspace_id': ''
+ 'workspace_id': workspace_id
 }
+## If Azure Key Vault name variable is set, use it for secret values
+if not len(keyVaultName) == 0:
+ # Key vault section
+ # Key Vault name must be a globally unique DNS name
+
+ KVUri = f"https://{keyVaultName}.vault.azure.net"
+
+ # Log in with the virtual machines managed identity
+ credential = DefaultAzureCredential()
+ client = SecretClient(vault_url=KVUri, credential=credential)
+
+ # Retrieve values from KV (client secret, MISP-key most importantly)
+ retrieved_mispkey = client.get_secret('MISP-Key')
+ retrieved_clientsecret = client.get_secret('ClientSecret')
+
+ # Set values with
+ mispkey = retrieved_mispkey.value
+ ms_auth['client_secret'] = retrieved_clientsecret
+
+mispkey=os.getenv('mispkey')
+
+#####################
+# Microsoft Section #
+#####################
+
 ms_max_indicators_request = 100 # Throttle max: 100 indicators per request
 ms_max_requests_minute = 100 # Throttle max: 100 requests per minute
 ms_useragent = 'MISP-1.0'
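Review bot: The env-var fallback `mispkey=os.getenv('mispkey')` placed after the `if not len(keyVaultName) == 0:` block is unconditional, so the value just read from Key Vault is overwritten on every run (with None when the env var is absent); the [PATCH 2/3] hunk adds an unconditional print at the same spot with the same problem. Two lines earlier, `ms_auth['client_secret'] = retrieved_clientsecret` stores the object returned by `get_secret` rather than its `.value`, unlike the `mispkey` assignment beside it, so the Key Vault path presumably never yields a usable client-secret string. The fix is `ms_auth['client_secret'] = retrieved_clientsecret.value` plus moving the fallback under an `else:` branch (`else:` / `    mispkey=os.getenv('mispkey')`), which makes the two secret sources mutually exclusive. Because every `os.getenv(..., '')` default is an empty string, a misnamed or missing variable silently produces an unauthenticated configuration; consider failing at import time when neither source supplies a non-empty `client_secret` and `mispkey`, so the misconfiguration is visible instead of surfacing later as an auth error. `if keyVaultName:` is the idiomatic spelling of the length check.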
@@ -69,8 +100,8 @@ days_to_expire = 30
 days_to_expire_start = "current_date" # Upload Indicators API only. Start counting from "valid_from" | "current_date" ;
 days_to_expire_mapping = { # Upload indicators API only. Mapping for expiration of specific indicator types
- "ipv4-addr": 150,
- "ipv6-addr": 150,
- "domain-name": 300,
- "url": 400
- }
+ "ipv4-addr": 150,
+ "ipv6-addr": 150,
+ "domain-name": 300,
+ "url": 400
+ }
From 462dce188aaa7266d39ba7fb36a0529859816533 Mon Sep 17 00:00:00 2001
From: Justin Middler
Date: Fri, 23 Feb 2024 16:01:23 +1100
Subject: [PATCH 2/3] Update config.py
---
 AzureFunction/MISP2Sentinel/config.py | 1 +
 1 file changed, 1 insertion(+)
diff --git a/AzureFunction/MISP2Sentinel/config.py b/AzureFunction/MISP2Sentinel/config.py
index cfd60a0..72c36ab 100644
--- a/AzureFunction/MISP2Sentinel/config.py
+++ b/AzureFunction/MISP2Sentinel/config.py
@@ -43,6 +43,7 @@
 mispkey = retrieved_mispkey.value
 ms_auth['client_secret'] = retrieved_clientsecret
+print('key_vault_name env variable not set, falling back to env variable for config values....')
 mispkey=os.getenv('mispkey')
 #####################
From 80facf43a041ed8eda169bdc3a35bc1452c3331e Mon Sep 17 00:00:00 2001
From: Justin Middler
Date: Mon, 26 Feb 2024 08:30:19 +1100
Subject: [PATCH 3/3] Update README.md with Azure Key Vault and config.py guidance
---
 README.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index b03646a..66be74f 100644
--- a/README.md
+++ b/README.md
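Review bot: The added `print('key_vault_name env variable not set, ...')` in the [PATCH 2/3] hunk is reached on both paths, because it sits at top level after the Key Vault `if` block (whose header is outside this hunk) and just before the unconditional `mispkey=os.getenv('mispkey')`, so when Key Vault is configured the message states the opposite of what happened. Indenting it together with the fallback assignment under an `else:` of that `if` makes the message truthful, and a `logging` call is the conventional channel for an import-time diagnostic in a module rather than `print`.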
@@ -185,7 +185,15 @@ You then need **Python3**, a Python virtual environment and PyMISP.
 ## Configuration
-The configuration is in `config.py`.
+The configuration is handled in the `config.py` file.
+
+By default the config.py will look to use Azure Key Vault if configured, if you set a **"key_vault_name"** value in your environment variables, to the name of the Azure Key Vault you have deployed, this will be the default store for all secret and configuration values.
+
+If you do not set the above value, the config.py will then fall-back to using environment variables and lastly, values directly written inside of the config.py file.
+
+[Guidance for assigning a Management Service Indeitity to Function App](https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Chttp)
+
+[Assigning your function app permissions to Azure Key Vault](https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-portal) - **NOTE** - you only need to assign "Secret GET" permission to your function app Management Service Identity.
 ### Microsoft settings